Permission requirements for OneAgent installation and operation on Windows
To fully automate the monitoring of your operating systems, processes, and network interfaces DESK requires privileged access to your operating system during both installation and operation.
Note:
DESK OneAgent is tested extensively to ensure that it has minimal performance impact on your system and conforms to the highest security standards.
Installation
DESK OneAgent requires admin privileges for:
- Creating the DESK OneAgent service.
- Modifying certain registry keys.
- Installing WinPcap.
- Installing oneagentmon device.
If you have Log Monitoring enabled, admin privileges are also required for:
- Creating the DESK Log Monitoring OneAgent configuration file, which stores security flags (for example, log content access and log auto-detection) and rules that define files that should be treated as log files (based on file extension and location).
Operation
DESK OneAgent requires admin privileges to:
- List all processes.
- Get memory statistics for all processes.
- Read each process command line and environment.
- View the descriptions of executable files.
- Read application configuration for Apache and IIS
- View the list of libraries loaded for each process.
- Read Windows registry keys.
- Read .NET application domain for .NET 2.0, 3.0, and 3.5.
- Start monitoring network traffic.
- Parse executables for Go Discovery.
- Gather monitoring data related to Docker containers.
If you have Log Monitoring enabled, admin privileges are also required to:
- Access system logs: System/Application/Security Event logs.
- Access the list of open file handles for each process (low-level WinAPI calls).
- Access the log file for each process.